<?php
/*  
  Copyright (c) 2010-02 SongCMS 
  SongCMS All Rights Reserved. 
  Support:www.SongCMS.com
  QQ:544255858   19951025
  Author:Song  Version:3.17
  Date:2010-08-12 09:28:32
*/
class admin extends db{
	public $ExitPage = '../'; 
	private $lang = array(
		0 => '禁止从站点外部提交数据！',				  
		1 => '您输入的验证码不正确！',
		2 => '您输入的用户不存在！',
		3 => '您输入的密码不正确！',
	);
	public function __construct(){
		parent::__construct();
	}
	public function login($username,$password,$verifycode){
		$isLogin = true;
		$username = trim(preg_replace("/[\'\"\\\\\/]/","",$username));
		$password = md5(trim(preg_replace("/[\'\"\\\\\/]/","",$password)));
		$verifycode = trim(preg_replace("/[\'\"\\\\\/]/","",$verifycode));
		if (!External()){
			$isLogin = false;
			AdminLog(4,1,'试图从站点外部提交登录数据被拒绝！'); 
			MsgBox (1,$this -> lang[0],'-1');
			return false;
		}
		if ($_SESSION['SafeCode'] != $verifycode || empty($verifycode) || empty($_SESSION['SafeCode'])){
			$isLogin = false;
			AdminLog(4,1,"试图以用户名为 {$username} 的登录操作被拒绝，原因：输入的验证码不正确！");
			MsgBox (1,'您输入的验证码不正确！','0');
			return false;
		}
		$sql = "SELECT `ID`,`UserName`,`PassWord`,`LastLoginIP`,`LastLoginTime`,`Logins`,`JurisdiCtion`,`Levels` FROM `{$this -> dbprefix}admin` WHERE `UserName` = '{$username}'";
		if (count($ox = parent::SelectSQL($sql)) != 1){
			$isLogin = false;
			AdminLog(4,1,"试图以用户名为 {$username} 的登录操作被拒绝，原因：不存在的用户名！"); 
			MsgBox (1,$this -> lang[2],'0');
			return false;
		} 
		if ($ox[0][2] !== $password){
			$isLogin = false;
			AdminLog(4,1,"试图以用户名为{$username}的登录操作被拒绝，原因：登录密码不正确！"); 
			MsgBox (1,$this -> lang[3],'0');
			return false;
		}
		if ($isLogin === true){
		//	@$this -> removeFile('../tmp/sessions/');	
			$_SESSION['ID'] = $ox[0][0]; 
			$_SESSION['UserName'] = $ox[0][1]; 
			$_SESSION['LastLoginIP'] = $ox[0][3]; 
			$_SESSION['LastLoginTime'] = $ox[0][4]; 
			$_SESSION['Logins'] = ($ox[0][5]+1); 
			$_SESSION['JurisdiCtion'] = $ox[0][6]; 
			$_SESSION['levels'] = $ox[0][7]; 
			$_SESSION['LoginState'] = 'Song'; 
			$sql = "UPDATE `{$this -> dbprefix}admin` SET `LastLoginIP` = '{$_SERVER['REMOTE_ADDR']}',";
			parent::ExecuteSQL($sql . "`LastLoginTime` = NOW(),`Logins` = (`Logins` + 1) WHERE `ID` = {$ox[0][0]}");
			AdminLog(4,1,"用户 {$username} 成功登录网站后台！");
			unset($sql,$ox,$username,$password,$verifycode);
			$this -> detection();			
			header('Location: ./');	
			exit();
		}
	}
	private function detection(){
		global $_SERVER,$WebHost;
		$host = $_SERVER['HTTP_HOST'];
		if(!empty($host)){
			$host = 'http://' . $host . $_SERVER['SCRIPT_NAME'];
			$host = dirname(dirname($host)) . '/';
			if($WebHost != $host) MsgBox(1,'系统检测到环境发生了变化\n\n系统全局设定中的网站域名设置可能有误\n\n建议修改为您当前正在使用的域名：' . $host . '\n\n如果您开通了静态功能，更换域名设置后请重新生成所有静态页面','./');
		}		
	}
	public function logout(){
		AdminLog(4,1,"用户 {$_SESSION['UserName']} 退出网站后台登录！");
		session_destroy();
		@$this -> removeFile('../tmp/sessions/');
		header("Location: {$this -> ExitPage}");
		exit();
	}
	public function permissions(){
		global $DefaultPower,$xSystem;
		$xDefaultPower = explode(",",strtolower($DefaultPower));
		$xFile = strtolower(basename($_SERVER['PHP_SELF'])); 
		$xResults = true;
		if(empty($xFile)) die('无法获取当前文件名！');
		if(!in_array($xFile,$xDefaultPower)){
			foreach($xSystem as $i => $n){
				if(strtolower($n[2])==$xFile && $n[0]!=1) $xResults = false;
			}
			if($xResults == false){
				MsgBox (1,'系统没有开启该功能！','ServerEnvironment.php');
				exit();
			}
		}
		if ($_SESSION['LoginState'] != 'Song'){
			header('Location: Login.php');
			exit();
		}
		if ($_SESSION['levels'] != '1') {
			if ($_SESSION['JurisdiCtion'] !=  '') {$DefaultPower = $DefaultPower . "," . $_SESSION['JurisdiCtion'];} 
			$DefaultPower = explode(",",strtolower($DefaultPower)); 
			if (!in_array($xFile,$DefaultPower)) {
				MsgBox (1,'您没有权限进入该页！请与超级管理员联系！','ServerEnvironment.php');
				exit();
			}
		}
		unset($xDefaultPower,$xFile);
		return true;
	}
	public function updatevar($oFile,$oVar=array()){
		if(!is_file($oFile)) return "文件 {$oFile} 不存在！"; 
		@$fp = fopen($oFile,'r');
		if(!$fp) return "打开文件失败 {$oFile} ！"; 
		if(!is_array($oVar['na']) || !is_array($oVar['va'])) return '$oVar 参数错误。';
		@$conf_file = fread($fp,filesize($oFile));
		set_time_limit(0);
		for ($i=0; $i<count($oVar['na']); $i++){
			$oVar['va'][$i] = stripcslashes($oVar['va'][$i]); 
			$oVar['va'][$i] = htmlspecialchars($oVar['va'][$i],ENT_QUOTES); 
			$oVar['va'][$i] = str_replace ("\\",'',$oVar['va'][$i]); 
			$oNn =  str_replace ("\\",'',$oVar['na'][$i]); 
			$conf_file = preg_replace("/{$oVar['na'][$i]}\s*\=\s*[\"'].*?[\"']/is","{$oNn} = \"" . $oVar['va'][$i] . "\"",$conf_file);
		}
		if(!@$fp = fopen($oFile,'w')) return "没有写入 {$oFile} 的权限！"; 
		$fw = fwrite($fp, trim($conf_file));
		fclose($fp);
		unset($fp,$conf_file,$oFile,$oNn,$oVar);
		return true;		
	}
	public function removeFile($path){
		$result = true;
		if (substr($path, -1, 1) != "/") $path .= "/"; 
		foreach (glob($path . "*") as $file){ 
			if (is_file($file)){ 
				if(!unlink($file)) $result = false; 
			}
		} 
		return $result;
	}
	public function delcomment($type,$ids){
		$d = $this -> ExecuteSQL("DELETE FROM `{$this->dbprefix}comment` WHERE CommentType = '{$type}' && `CommentID` IN ({$ids})");
		return $d;
	}
}
?>